Thursday, February 26, 2009

Chaitanya Sareen provided a list of some of the changes that have been made in Windows 7 Beta in preparation for the Release Candidate (RC), explaining as follows:

"This blog post talks about a few of the improvements that will be in our Release Candidate (RC) based upon customer feedback. There are many under the hood changes (bug fixes, compatibility fixes, performance improvements, and improvements) across the entire dev team that we just don’t have room to discuss here, but we thought you’d enjoy a taste of some changes made by three of our feature teams: Core User Experience, Find & Organize and Devices & Media. The comments in this article come from a variety of verbatim sources, with identifying information withheld."

The improvements have been made under the following subject descriptions:

Tuesday, February 24, 2009

Many people have switched to the Foxit Reader as a substitute for Adobe Reader. With the publicity over the current Adobe Reader vulnerability, I expect even more people are looking for a substitute.

Unfortunately, I learned from a comment posted by "The Dean" at Bits from Bill that the recent update to the popular substitute, Foxit (no connection to the Mozilla Firefox browser), now includes the Ask Toolbar, disguised as the "Foxit Toolbar".

Update 25Feb09:

In a discussion at WinVistaClub Forum, my friend Seti shared his recent experience with Foxit and gave me permission to reproduce his comments here:

"There was the toolbar, and when you unchecked the tick box you get the following message: by not installing this toolbar the following items will not be available for free use: typewriter tools and text converter. So a condition of installing the toolbar you get these things, otherwise you don't. So it is not complete! So I went ahead and then I looked at my desktop and there was a shortcut to eBay! This was not mentioned at any stage that it would be placed there! I quickly removed the whole thing and then checked in my registry and it was still showing there so I deleted that as well. Conclusion: It does have the toolbar included and there is an unexpected shortcut as well. As far as I am concerned it can foxit off, because I won't be using it"

Friends and regular Security Garden readers know how I feel about pre-checked, opt-out add-ons. In this case, I understand that even unchecking the toolbar addition does not prevent the installation. Apparently the $1/install payment has enticed the Foxit software developers to resort to this measure.

Secunia is reporting that disabling JavaScript does not prevent exploitation of the Adobe Reader/Acrobat 0-Day Vulnerability:

"During our analysis, Secunia managed to create a reliable, fully working exploit (available for Secunia Binary Analysis customers), which does not use JavaScript and can therefore successfully compromise users, who may think they are safe because JavaScript support has been disabled.

All users of Adobe Reader/Acrobat should therefore show extreme caution when deciding which PDF files to open regardless of whether they have disabled JavaScript support or not. Hopefully, Adobe will be issuing patches very soon."

In addition to the caution advised by Secunia, it is still advisable to block JavaScript. On Firefox, this can be accomplished with NoScript. WinPatrol users can also block the ActiveX control: click on the ActiveX tab in WinPatrol, sort by company name to find the Adobe components, then select the Acrobat reader and click on Disable.

Have you activated your copy of Windows 7 Beta yet? The Windows 7 Beta includes a 30 day grace period for activation. During the setup process an option is provided that enables Windows to attempt to activate itself automatically after three days of use.

Following is a summary of the series of events, provided by the Windows Genuine Advantage blog, that will occur if automatic activation is not selected:

If automatic activation is not selected, after the third day, you will begin to see a message from the system tray that reminds you to "Activate Windows Now" and the time remaining in the grace period.

If you take no action and click on "Ask me later", you will be presented with a message asking you to "Activate Now" on a daily basis until the 27th day. After 27 days, if you have not activated the software you will receive the message every four hours.

On the 30th day, messages will appear every 60 minutes. When you log into your computer you will be presented with a message that asks you to "Activate Windows now" and states that the activation period has expired. If you click on "Activate now" you will be launched into the standard activation process. If you click on "Ask me later" you will be presented with a notification that describes the risks associated with using non-genuine software, the benefits of genuine software, and helpful resources.

If you do not activate the software within the grace period you will receive:

persistent notifications, including a message from the system tray every 60 minutes that reminds you to "Activate Windows Now"

a persistent desktop notification that Windows is non-genuine, a non-genuine message that appears when the Control Panel is launched, and the desktop will be set to a plain black background. (Note: Even if you change the plain black background to any background, the background will reset to a plain black background every 60 minutes.)

This experience will continue until the Windows 7 Beta is activated and you will not be able to receive optional updates from Windows Update unless the copy of Windows is properly activated.

Adobe has issued a Flash Player update to address security vulnerabilities. The details from the update notice are copied below. This is not a fix for the previously reported Critical Vulnerability in Adobe Reader.

Note: I found that several of the global and website settings configured previously had to be reset. Instructions on how to configure the On-line Settings Manager to configure Flash Player settings are available in the Cyber Security Awareness Tip of the Day: October 19.

Summary

A potential vulnerability has been identified in Adobe Flash Player 10.0.12.36 and earlier that could allow an attacker who successfully exploits this potential vulnerability to take control of the affected system. A malicious SWF must be loaded in Flash Player by the user for an attacker to exploit this potential vulnerability. Additional vulnerabilities have been addressed in this update. Adobe recommends users update to the most current version of Flash Player available for their platform.

Affected software versions

Adobe Flash Player 10.0.12.36 and earlier (Adobe Flash Player 10.0.15.3 and earlier for Linux)

To verify the Adobe Flash Player version number, access the About Flash Player page, or right-click on Flash content and select “About Adobe (or Macromedia) Flash Player” from the menu. If you use multiple browsers, perform the check for each browser you have installed on your system.

Solution

Adobe recommends all users of Adobe Flash Player 10.0.12.36 and earlier versions upgrade to the newest version 10.0.22.87 by downloading it from the Player Download Center, or by using the auto-update mechanism within the product when prompted.

For users who cannot update to Flash Player 10, Adobe has developed a patched version of Flash Player 9, Flash Player 9.0.159.0, which can be downloaded from the following link.

Severity rating

Adobe categorizes this as a critical update and recommends affected users upgrade to version 10.0.22.87.

Details

This update resolves a buffer overflow issue that could potentially allow an attacker to execute arbitrary code. (CVE-2009-0520)

This update resolves an input validation issue that leads to a Denial of Service (DoS); arbitrary code execution has not been demonstrated, but may be possible. (CVE-2009-0519)

An update to the Flash Player settings manager display page on Adobe.com has been deployed to avoid a potential Clickjacking issue variant for Flash Player. The Settings Manager is a special control panel that runs on your local computer but is displayed within and accessed from the Adobe website. (CVE-2009-0114)

This update resolves a Windows-only issue with mouse pointer display that could potentially contribute to a Clickjacking attack. (CVE-2009-0522)

This update prevents a potential Linux-only information disclosure issue in the Flash Player binary that could lead to privilege escalation. (CVE-2009-0521)

Monday, February 23, 2009

As I quickly posted the other day, starting tomorrow (February 24), Microsoft is planning to roll out test updates for Windows 7 Beta (Build 7000) users to test the Windows servicing infrastructure. The updates will not provide any new features, fixes or functionality for Windows 7.

"Starting on February 24th we will be offering some test updates to Windows 7 Beta (build 7000) computers. We do typically verify update scenarios during a Beta, and releasing these test updates will help ensure that when we need to release real updates, the process will run smoothly. There will be at most five updates. These updates test the Windows 7 servicing infrastructure. They will not deliver any new features or fixes.

The updates will be offered interactively. This means that users will be notified of available updates, but they won’t install automatically. Users will need to go to the Windows Update control panel and manually start installation. They will also be clearly titled as a test update. If you don’t want to install the updates then you can right click on each update and select “Hide update” to prevent it from being shown in the list of available updates."

Having used WinPatrol for many years, when BillP talks about an updated version, I wonder how he can make WinPatrol better than it is already. Read on to learn about the latest improvement to WinPatrol and how it evolved.

One member did just that. alsiladka had not used WinPatrol before but went ahead and gave it a try. The result? First read the suggestion that alsiladka submitted:

"I must be honest here. When I first installed it, the first glance at the UI and the layout was not very pleasing. It looked like another "StartUp Entries / ActiveX / BHOs" tweaker.

But Andy asked me to use it over the next few days and then form a judgement. And ain't I glad I did that! What a wonderful and helpful piece of software.

Getting straight to the feature suggestion, I have a suggestion which would turn this into an even formidable and a must have app.

As of now, we have to go to each tab to check the latest activity for that group. But can we have a Single feed or a live feed tab, where all the events are logged together, irrespective of their category, according to the time of happening? So that I can see what all changes took place in the system right after I installed software X, as all I need to do is look at that portion of the Main log which is right after the time I installed software X."

I passed the suggestion along to BillP. Here is the result in Bill's words:

"I’ve heard a lot of good comments and one suggestion was so valuable I couldn’t wait for a future release to make it available."

WinPatrol already tracks when a program, service, hidden file or registry entry is first detected. As a result of the suggestion by alsiladka, a new tab has been added to WinPatrol which combines all entries sorted by date first detected on the computer.

I have already tested the new WinPatrol Beta and, not having installed any new programs recently, I found all these strange etilqs. files on the new Recent tab:

Sunday, February 22, 2009

Microsoft (Nasdaq “MSFT”) announced a new initiative, Elevate America, with the objective of providing technology training for up to 2 million people over the next three years.

"Elevate America has two main offerings, one available immediately and one that will be provided in partnership with state governments including those of Florida, New York and Washington.

A new online resource, located at http://www.microsoft.com/ElevateAmerica, is available today. This new Web site helps individuals understand what types of technical skills they need for the jobs and entrepreneurial opportunities of today and tomorrow, and resources to help acquire these skills. The Web site provides access to several Microsoft online training programs, including how to use the Internet, send e-mail and create a résumé, as well as more advanced programs on using specific Microsoft applications."

Should the job market open up, those who have been able to take advantage of these opportunities will have a better chance in the marketplace.

Using keyboard combinations can help reduce mouse usage and add further speed to your activities. Keyboard shortcuts are particularly useful for people who are experiencing ergonomic issues. I don't advise trying to remember all the shortcuts at once. Pick out one or two that fit actions you frequently perform. After you master one or two, add additional shortcuts to your daily computer use.

"Win" in the lists represents the Windows Logo Key on the keyboard.

General

Win+Up Arrow - Maximize

Win+Down Arrow - Restore / Minimize

Win+Left Arrow - Snap (dock) window to the left

Win+Right Arrow - Snap (dock) window to right

Win+Shift+Left Arrow - Jump/shift window to the left monitor

Win+Shift+Right Arrow - Jump/shift window to the right monitor

Win+Home - Minimize / Restore all other windows

Win+T - Focus on the first taskbar entry. Pressing Win+T again will cycle through the taskbar items; you can arrow around.

Win+Shift+T - cycles backwards.

Win+Spacebar - Peek at the desktop

Win+G - Bring gadgets to the top of the Z-order

Win+P - External display options (mirror, extend desktop, etc)

Win+X - Mobility Center (same as Vista, but still handy!)

Win+# (# = a number key) - Launches a new instance of the application in the Nth slot on the taskbar. Example: Win+1 launches first pinned application, Win+2 launches the second, etc.

Win+Plus | Win+Minus (plus or minus key) - Zoom in or out

Windows Explorer

Alt+P - Show/hide Preview Pane

Taskbar modifiers

Shift + Click on icon - Open a new instance

Middle-click on icon - Open a new instance

Ctrl + Shift + Click on icon - Open a new instance with Admin privileges

Shift + Right-click on icon - Show window menu (Restore / Minimize / Move / etc). Note: Normally you can just right-click on the window thumbnail to get this menu

TechNet Magazine has a compilation of tips for Windows Vista, SQL Server and Windows 7 Beta. The list is updated when a new tip is included in an issue of TechNet Magazine.

Listed below is the current collection of tips available at Windows 7 beta 1 Tips. If you are testing Windows 7 Beta, be sure to check them out. If you have not tried to "shake windows off your desktop" yet, it is a tip you won't want to miss.

"Buffer overflow issue in versions 9.0 and earlier of Adobe Reader and Acrobat

Release date: February 19, 2009

Vulnerability identifier: APSA09-01

Bid number: 33751

Platform: All platforms

A critical vulnerability has been identified in Adobe Reader 9 and Acrobat 9 and earlier versions. This vulnerability would cause the application to crash and could potentially allow an attacker to take control of the affected system. There are reports that this issue is being exploited.

Adobe is planning to release updates to Adobe Reader and Acrobat to resolve the relevant security issue. Adobe expects to make available an update for Adobe Reader 9 and Acrobat 9 by March 11th, 2009. Updates for Adobe Reader 8 and Acrobat 8 will follow soon after, with Adobe Reader 7 and Acrobat 7 updates to follow."

Thursday, February 19, 2009

Microsoft is moving the Knowledge Base (KB) articles from http://support.microsoft.com to MSDN and TechNet. The move will more closely associate the KB articles with the technical documentation in MSDN and TechNet. The pilot launch has begun with the remainder scheduled to be completed by the end of the month.

Security/hotfix articles will apparently not be moved to MSDN and TechNet during this wave but are planned to be relocated at a later time.

In the event you regularly search the KB articles, note the change in syntax, as reported in the comments by Chris:

"...the fine print on the site scoping.

site:technet.microsoft.com/kb

site:msdn.microsoft.com/kb

will scope down to just searching the KBs.

WRT being able to just type in "URL/", and get the article you want, you will still be able to do this, with a slight modification to the numbering schema to support KB article numbers beyond 999,999."

Abstract

We are sending you this communication to inform you that on Tuesday, February 24, 2009, Microsoft will be releasing five test updates to Windows 7 Beta (Build 7000) computers. These updates are being sent in order to verify our ability to deliver and manage the updating of Windows 7 in certain scenarios in the future.

Background

Rationale

The updates will be offered interactively. This means that users will be notified of available updates, but they won’t install automatically. Users will need to go to the Windows Update control panel, select the updates, and manually start installation.

These updates will simply replace system files with the same version of the file currently on the system, and will not deliver new features or fixes.

If you are not familiar with WOT, it is a free Internet security add-on for your browser. WOT will help to keep you safe from online scams, identity theft, spyware, spam, viruses, and unreliable shopping sites. With the WOT add-on, you will receive a warning before you interact with a risky website.

Tuesday, February 17, 2009

That's right, Kodak and Bill Gates! As reported at Bloomberg, Bill Gates made a 5.2% investment in Eastman Kodak Company (NYSE: EK):

"Feb. 17 (Bloomberg) -- Microsoft Corp. co-founder and Chairman Bill Gates boosted his stake in Eastman Kodak Co., the camera pioneer that lost more than $4.5 billion in market value last year as it struggled to shift to digital photography.

Cascade Investment LLC, owned by Gates, bought 7.95 million shares in Kodak, raising his stake in the company to 5.2 percent, Rochester, New York-based Kodak said in a regulatory filing today. The investment would make Gates the fourth-largest shareholder in Kodak as of Dec. 31, according to Bloomberg data."

Saturday, February 14, 2009

The purpose of the Microsoft Fix it team is to automate the steps in Microsoft Knowledge Base articles and Windows Error Reporting (WER) solutions so you can click a button and have the issue resolved.

When you Check for Updates, you receive an error code of 8000FFF. At the Microsoft Fix it Solution Center, you locate a topic under Windows > Windows Update that describes your problem. When you click the link, you are presented with two solutions. You can follow the step-by-step instructions to fix it yourself or download the wizard to make the repair for you.

Since most "fixes" of this type require editing the registry, this can be a very daunting experience for most home computer users. Using a tested utility to make the fix is also much safer since an incorrect registry edit can have dire results.

My friend, Bill Pytlovany, has updated his popular portable WinPatrol program, renamed as WinPatrolToGo. It is perfect for the family "computer person" providing the perfect tool to analyze what is installed and running on any computer from Windows 95 to Windows Vista (it works with Windows 7 also).

Thursday, February 12, 2009

I often jump around when reading new blog posts and tonight was no exception. However, I think that the order that I happened to jump tonight is interesting. To begin, I always enjoy reading Ed Bott's posts, whether they are at Ed Bott's Windows Expertise or Ed Bott's Microsoft Report, so I will frequently start by reading any new posts by Ed.

"Apple has released four different bulletins to cover 48 documented vulnerabilities in the Mac OS X ecosystem, a solitary code execution flaw affecting Safari for Windows and four different security problems in Java for Mac OS X.

Security Update 2009-001 is quite a whopper, providing patches for holes in a wide range of components, including several open-source implementations like ClamAV and fetchmail."

Well now, 48 Apple software updates! On my Windows Vista machine I quickly counted about 1/4 the number of updates to date and that included Windows Media Center, the Junk Email Filters and the Malicious Software Removal Tool. Is it any wonder I went back to Ed's post and chuckled about this quote and the reference to "consumers":

"Of the most famous computer makers, only two, Apple and Sony, primarily aim their products at consumers."

I have a security-minded "consumer" friend who thought she was going to have a better quality of life with an Apple computer. She has commented many times about the pain of trying to get all of the Apple updates on her dial-up connection. So much for the consumer.

Microsoft (Nasdaq “MSFT”) announced today a $250,000 reward for information that results in the arrest and conviction of the responsible parties who illegally launched the Conficker (Downadup) worm on the Internet.

Microsoft additionally announced a partnership with the following organizations to "implement a coordinated, global response to the Conficker worm":

“The best way to defeat potential botnets like Conficker/Downadup is by the security and Domain Name System communities working together,” said Greg Rattray, chief Internet security advisor at ICANN. “ICANN represents a community that’s all about coordinating those kinds of efforts to keep the Internet globally secure and stable.”

“Microsoft’s approach combines technology innovation and effective cross-sector partnerships to help protect people from cybercriminals,” Stathakopoulos said. “We hope these efforts help to contain the threat posed by Conficker, as well as hold those who illegally launch malware accountable.”

Remember - "A day without laughter is a day wasted." May the wind sing to you and the sun rise in your heart...

Microsoft has posted two new pages that provide information you can use to protect against and remove Conficker. The pages consolidate information that Microsoft has related to the Conficker incident. In addition links are provided to more detailed resources such as the Microsoft Malware Protection Center weblog and encyclopedia.

This is going to be fun! Security Garden (that's me) is challenging the members of The WinVistaClub to learn more about and take control over what happens and when it happens on their computer with WinPatrol.

Compliments of BillP Studios and Security Garden, I will be awarding a WinPatrol PLUS license (value $29.95 USD) to five WinVistaClub members.

Monday, February 09, 2009

For some time, Symantec's anti-virus product had a reputation for being bloated. Then along came the Norton Internet Security 2009 package and with it rave reviews. The improvements included a leaner footprint, improved speed, white listing and other technologies to mark clean files as trusted, as well as continued free technical support.

AV-Comparatives.org reported the product achieving ADVANCED+ in detection tests and proactive ADVANCED due to improved heuristics. The biggest improvement noted by AV-Comparatives.org was the impact on system resources, with the new version running light on the system and no major impact on performance.

The Bad:

Could it be that Symantec was not able to build sales on the favorable press results and bundling with Hewlett Packard and Dell computers? Instead, Symantec announced a partnership with IAC/Ask:

"Oakland, CA and Cupertino, CA – Feb. 03, 2009 – Leading search engine Ask.com, an operating business of IAC (Nasdaq: IACI) with 76 million monthly unique users, and Symantec Corp. (Nasdaq: SYMC), whose Norton brand is the world’s security market share leader for consumer software and services, today announced a multi-year, strategic partnership to deliver the best answers and even safer search results on the Web."

The Ugly:

If you can get past the Symantec self-promotion in the above quote, I suggest that you read Ben Edelman's report in Current Practices of IAC/Ask Toolbars and learn more than you ask for:

"As the fifth-biggest search engine, Ask faces a clear problem: How to get users to leave their favored search engines, to conduct their searches at Ask instead? One Ask strategy is to buy ads on TV and in other media, claiming to offer a better product. But Ask also drives traffic to its search engine by enticing users to install its toolbars. This article looks at Ask's current and recent toolbar practices, including:

Throughout, I compare these practices to the statements of Ask's staff, and I compare these practices with applicable legal and ethical duties."

Understand that IAC pays vendors per install of their product. Thus, the pre-checked option to include the toolbar in products such as Check Point's ZoneAlarm Firewall, Webroot, Comodo Firewall, and StopZilla has resulted in their inclusion in the Calendar of Updates (CoU) Installers Hall of Shame.

Tell me, are you ready to pay $39.99 (U.S.) for Norton Antivirus 2009 and get the "bonus" IAC software included?

Thursday, February 05, 2009

Within hours of Jon DeVaan's posting the Update on UAC in the Engineering Windows 7 blog, a joint posting by Jon and Steven Sinofsky was published announcing two changes to the RC (Release Candidate) of Windows 7:

The UAC Control Panel will run in a high integrity process, which requires elevation.

Changing the UAC setting (adjusting the slider) will prompt for confirmation.

"The first change was a bug fix and we actually have a couple of others similar to that—this is a beta still, even if many of us are running it full time. The second change is due directly to the feedback we’re seeing. This “inconsistency” in the model is exactly the path we’re taking. The way we‘re going to think about this that the UAC setting is something like a password, and to change your password you need to enter your old password."

I was not concerned about the second fix to Windows 7 because "Scotty is on Patrol" and would have advised me if something attempted to change the UAC setting on my computer. However, not all Windows users have WinPatrol watching over them (Hmmm, why not?) so I am glad that Microsoft listens.

Tuesday, February 03, 2009

Although additional SKUs are available, Microsoft is anticipating that two versions of Windows 7 will meet the needs of most people. Those two versions are Windows 7 Home Premium and Windows 7 Professional.

According to Mike Ybarra, general manager of Windows (see PressPass), the changes in Windows 7 will be three-fold:

Make sure that editions of Windows 7 are a superset of one another. Thus, if you upgrade from one version to the next, you will not lose features and functionality that were in a previous edition.

Windows 7 is designed so different editions of Windows 7 can run on a very broad set of hardware, i.e., netbooks to gaming desktops. My interpretation is that we should not be anticipating hardware shortfalls in Windows 7.

Communication to make the choices clear.

Following is a description of the Windows 7 versions that will be available:

Windows 7 Starter - Intended for Small Notebooks (Netbooks)

Broad app and device compatibility with up to 3 concurrent applications